New Release of SearchInform Event Manager: Linux Support and Graph of Incidents

The latest version of SearchInform Event Manager provides comprehensive control of security events on servers and endpoints running Linux. The graph of incidents gives IS and IT experts access to relevant, constantly updated information about the properties and state of the corporate ecosystem.

SearchInform Event Manager, a system for monitoring and analyzing security events, ships with preset policies that automate the audit of suspicious activity in the IT infrastructure. The new version of the SIEM adds preset policies for Linux servers and workstations.

The updated system notifies about logons with root rights, failed login attempts, and SSH errors. It monitors the creation of accounts and the assignment of rights to them, and detects password changes and many other events.

The new rules include filters for security events of Postfix mail servers built into Unix-based systems. Preset policies notify about failed login attempts, logons from unknown locations, events involving an unknown user, SSL connection errors, and other suspicious events.

The new version of the SIEM features rules for auditing operations on files and directories of the vsftpd FTP server, the official FTP of the Linux kernel. Of the 73 rules added in the latest release of the SIEM, 45 control Linux systems.

“At the early stage of SIEM development, we were focused on the creation of rules for security events of application systems, developed connectors for technical means of protection, authorization and authentication systems. As the system develops, more and more new data sources are added,” comments SearchInform Development Department Head Dmitry Gatsura. “Russian private companies and especially government agencies are transitioning to Russian OSs based on the open OSs. So, it is logical that after the control agent of our SearchInform DLP started working under Linux OS, we extended Syslog, and now our SIEM reads Linux logs.”

In addition, the developers enhanced the SIEM with a graph of incidents, which displays the current state of the corporate system. The interactive graph shows the company's servers, users, and PCs along with the number of incidents for each. By selecting a particular user or computer in the graph, an auditor can go to the extended rules, the incidents on them, and the description of threats.